package org.gcube.keycloak.protocol.oidc.mapper;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.when;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import javax.ws.rs.core.HttpHeaders;

import org.assertj.core.util.Maps;
import org.junit.Test;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.mappers.FullNameMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.mockito.Mockito;

/**
 * Original code repo: https://github.com/mschwartau/keycloak-custom-protocol-mapper-example
 */
public class D4ScienceContextMapperTest {

    static final String CLAIM_NAME = "haandlerIdClaimNameExample";
    static final String HEADER_VALUE = "ginostilla";

    @Test
    public void shouldTokenMapperDisplayCategory() {
        final String tokenMapperDisplayCategory = new FullNameMapper().getDisplayCategory();
        assertThat(new D4ScienceContextMapper().getDisplayCategory()).isEqualTo(tokenMapperDisplayCategory);
    }

    @Test
    public void shouldHaveDisplayType() {
        assertThat(new D4ScienceContextMapper().getDisplayType()).isNotBlank();
    }

    @Test
    public void shouldHaveHelpText() {
        assertThat(new D4ScienceContextMapper().getHelpText()).isNotBlank();
    }

    @Test
    public void shouldHaveIdId() {
        assertThat(new D4ScienceContextMapper().getId()).isNotBlank();
    }

    @Test
    public void shouldHaveProperties() {
        final List<String> configPropertyNames = new D4ScienceContextMapper().getConfigProperties().stream()
                .map(ProviderConfigProperty::getName)
                .collect(Collectors.toList());

        assertThat(configPropertyNames).containsExactly(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME,
                OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN);
    }

    @Test
    public void shouldAddClaim() {
        final UserSessionModel session = givenUserSession();
        final KeycloakSession keycloakSession = givenKeycloakSession(true);
        final AccessToken accessToken = transformAccessToken(session, keycloakSession, true);
        assertThat(accessToken.getOtherClaims().get(CLAIM_NAME)).isEqualTo(HEADER_VALUE);
    }

    @Test
    public void shouldNotAddClaim() {
        final UserSessionModel session = givenUserSession();
        final KeycloakSession keycloakSession = givenKeycloakSession(false);
        final AccessToken accessToken = transformAccessToken(session, keycloakSession, true);
        assertThat(accessToken.getOtherClaims().get(CLAIM_NAME)).isNull();
    }

    @Test
    public void shouldNotAddClaimAndLogWarning() {
        final UserSessionModel session = givenUserSession();
        final KeycloakSession keycloakSession = givenKeycloakSession(true);
        final AccessToken accessToken = transformAccessToken(session, keycloakSession, false);
        assertThat(accessToken.getOtherClaims().get(CLAIM_NAME)).isNull();
    }

    private UserSessionModel givenUserSession() {
        UserSessionModel userSession = Mockito.mock(UserSessionModel.class);
        UserModel user = Mockito.mock(UserModel.class);
        when(userSession.getUser()).thenReturn(user);
        return userSession;
    }

    private KeycloakSession givenKeycloakSession(boolean withHeader) {
        KeycloakSession keycloakSession = Mockito.mock(KeycloakSession.class);
        KeycloakContext context = Mockito.mock(KeycloakContext.class);
        when(keycloakSession.getContext()).thenReturn(context);
        HttpHeaders headers = Mockito.mock(HttpHeaders.class);
        when(context.getRequestHeaders()).thenReturn(headers);

        if (withHeader) {
            when(headers.getHeaderString(D4ScienceContextMapper.HEADER_NAME)).thenReturn(HEADER_VALUE);
        } else {
            when(headers.getHeaderString(D4ScienceContextMapper.HEADER_NAME)).thenReturn("");
        }
        return keycloakSession;
    }

    private AccessToken transformAccessToken(UserSessionModel userSessionModel, KeycloakSession keycloakSession,
            boolean withResourceAccess) {

        final ProtocolMapperModel mappingModel = new ProtocolMapperModel();
        mappingModel.setConfig(createConfig());
        AccessToken at = new AccessToken();
        if (withResourceAccess) {
            at.setResourceAccess(Maps.newHashMap(HEADER_VALUE, null));
        }

        return new D4ScienceContextMapper().transformAccessToken(at, mappingModel, keycloakSession,
                userSessionModel, givenClientSessionContext());
    }

    private ClientSessionContext givenClientSessionContext() {
        ClientModel clientModel = Mockito.mock(ClientModel.class);
        when(clientModel.getName()).thenReturn("test-client-id");
        AuthenticatedClientSessionModel acsm = Mockito.mock(AuthenticatedClientSessionModel.class);
        when(acsm.getClient()).thenReturn(clientModel);
        ClientSessionContext csc = Mockito.mock(ClientSessionContext.class);
        when(csc.getClientSession()).thenReturn(acsm);
        return csc;
    }

    private Map<String, String> createConfig() {
        final Map<String, String> result = new HashMap<>();
        result.put("access.token.claim", "true");
        result.put("claim.name", CLAIM_NAME);
        return result;
    }

}